Qualys Vulnerability R&D Lab has released new vulnerability checks in the Qualys Cloud Platform to protect organizations against 32 vulnerabilities that were fixed in 9 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 9 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
Multiple vulnerabilities listed below have been identified in WordPad and Office Text Converters:
- A memory corruption vulnerability in WordPad and Office Text Converter exists in the way the applications process memory when a user opens a specially crafted Word 6 file that includes malformed data. A remote attacker can exploit this flaw to execute arbitrary code. (CVE-2009-0087)
- A stack-based buffer overflow vulnerability exists when parsing a specially crafted Word 97 document. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed list structure. (CVE-2008-4841)
- A stack corruption vulnerability in Word 2000 WordPerfect 6.x Converter exists in the way that the converter processes memory when parsing a specially crafted WordPerfect document. (CVE-2009-0088)
- A stack-based buffer overflow vulnerability exists in WordPad as a result of memory corruption when a user opens a specially crafted Word file. This can be exploited by a remote attacker to execute arbitrary code. (CVE-2009-0235)
Microsoft has released a security update to address these vulnerabilities by modifying the way that Microsoft Office Word and Office text converters handle opening specially crafted Word 6.0, Windows Write, and WordPerfect documents. It also addresses the vulnerabilities by implementing fixes to WordPad and by preventing WordPad on affected platforms from opening Word 6.0 and Windows Write files.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
April 2009 Security Updates Are Now Available On the ECE (KB960477, 923561)
2) Disable the Word 6 converter by applying an access control list to the affected converters so that they are no longer loaded by WordPad and Office.
Impact of the workaround: Conversion of Word 6 documents to WordPad RTF or Word 2003 documents will no longer work.
3) Disable the Office text converter by applying an access control list to the affected converter so that it is no longer loaded by Microsoft Office Word.
Impact of the workaround: Microsoft Office Word will no longer load WordPerfect documents.
Detailed information on applying access lists to disable Word 6 and Office text converter can be found in Microsoft Security Bulletin MS09-010.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Microsoft Office 2000 Service Pack 3 (Microsoft Office Word 2000 Service Pack 3)
Microsoft Office XP Service Pack 3 (Microsoft Office Word 2002 Service Pack 3)
Microsoft Office Converter Pack
Refer to Microsoft Security Bulletin MS09-010 for further details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS09-010 Microsoft Office 2000 Service Pack 3 (Microsoft Office Word 2000 Service Pack 3)
MS09-010 Microsoft Office Converter Pack
MS09-010 Microsoft Office XP Service Pack 3 (Microsoft Office Word 2002 Service Pack 3)
MS09-010 Microsoft Windows 2000 Service Pack 4
MS09-010 Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
MS09-010 Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
MS09-010 Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
MS09-010 Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
MS09-010 Windows XP Service Pack 2 and Windows XP Service Pack 3
An attacker can exploit this vulnerability by constructing a specially-crafted web page and making the user visit this page.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS08-070 Microsoft Office Project 2003 Service Pack 3
MS08-070 Microsoft Office Project 2007
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
December 2008 Updates are Available (including for XPe SP3 and Standard) (KB956802)
Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=3B775FB1-1077-455D-AF4A-4CCB5237974F
Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=2151FBBA-C464-4D1E-82D4-5B096E82BED0
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=2151FBBA-C464-4D1E-82D4-5B096E82BED0
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=2247F6A5-AA33-4C68-9EA8-A63488D126D3
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=0C396796-0929-4CD2-99E8-3C0F7075A89E
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=6D5C7D2F-1A82-4CDF-B3F2-B2C2390C6A64
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=1EDB62B4-3D0F-4891-B4B3-8F8BC4E7BDFE
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=CDDF9CF6-BDEB-4429-823A-879387A428D7
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=73DC3775-B6F0-40F1-BD36-6B5FB80EB2FA
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=BBED9E8B-E75E-44EF-BA1D-FD6F852C1F67
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=48AECF4C-1296-490D-BA37-A28E3EC19BD6
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=9BFE15CD-02FF-45CF-85C8-5FF1E6C1A871
Refer to Microsoft Security Bulletin MS08-071 for further details.
- Word Memory Corruption Vulnerability (CVE-2008-4024)
- Word RTF Object Parsing Vulnerability (CVE-2008-4025)
- Word Memory Corruption Vulnerability (CVE-2008-4026)
- Word RTF Object Parsing Vulnerability (CVE-2008-4027)
- Word RTF Object Parsing Vulnerability (CVE-2008-4028)
- Word RTF Object Parsing Vulnerability (CVE-2008-4030)
- Word RTF Object Parsing Vulnerability (CVE-2008-4031)
- Word Memory Corruption Vulnerability (CVE-2008-4837)
Microsoft Office 2000 Service Pack 3 (Microsoft Office Word 2000 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=43e8c4d8-307b-48f6-ac99-a9617421d40a
Microsoft Office XP Service Pack 3 (Microsoft Office Word 2002 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=3ef41412-50b3-4077-b0e3-9a3704d2f876
Microsoft Office 2003 Service Pack 3 (Microsoft Office Word 2003 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=45c81c60-4b1b-4246-839b-198ebc4eeae2
2007 Microsoft Office System (Microsoft Office Word 2007):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37
2007 Microsoft Office System (Microsoft Office Outlook 2007):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37
2007 Microsoft Office System Service Pack 1 (Microsoft Office Word 2007 Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37
2007 Microsoft Office System Service Pack 1 (Microsoft Office Outlook 2007 Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37
Microsoft Office Word Viewer 2003 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=70de7c3c-519f-4f4a-a03f-027f80b5415c
Microsoft Office Word Viewer:
http://www.microsoft.com/downloads/details.aspx?FamilyId=70de7c3c-519f-4f4a-a03f-027f80b5415c
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats:
http://www.microsoft.com/downloads/details.aspx?FamilyId=55430121-4476-48b8-9f6f-4a60fa0b2970
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=55430121-4476-48b8-9f6f-4a60fa0b2970
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-072.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
December 2008 Updates are Available (including for XPe SP3 and Standard) (KB958215)
Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):
http://www.microsoft.com/downloads/details.aspx?familyid=c242ba42-556b-4c87-bf33-9d99166ff096
Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?familyid=c0583745-7e57-4265-9429-c3415cb8465f
Windows XP Service Pack 2 and Windows XP Service Pack 3 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?familyid=af9a6cb0-725d-490c-9858-16ec40e98560
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?familyid=60bf9851-24fe-4658-8333-d353e82063c7
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?familyid=d53adf6f-9501-4862-a1ca-57eb4d40cd75
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?familyid=5e37cb34-32be-4bbe-87f3-c4e1974e4d00
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?familyid=0da4e424-4682-4401-a226-7d8f1be19d44
Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Internet Explorer 7):
http://www.microsoft.com/downloads/details.aspx?familyid=1b582695-b3cc-4c65-bc4b-d673c9a6d82a
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):
http://www.microsoft.com/downloads/details.aspx?familyid=107cf54b-29d4-4c54-b091-2b5b3ffbf49d
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7):
http://www.microsoft.com/downloads/details.aspx?familyid=9cdd4f9e-c578-405c-af9e-628f2d77fdf4
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-073.
- Excel File Format Parsing Vulnerability when loading formulas (CVE-2008-4264)
- Excel File Format Parsing Vulnerability when loading records (CVE-2008-4265)
- Excel Global Array Memory Corruption Vulnerability (CVE-2008-4266)
Microsoft Office 2000 Service Pack 3 (Microsoft Office Excel 2000 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=f39d2a49-f861-4f2d-bf91-94a8a85af40c
Microsoft Office XP Service Pack 3 (Microsoft Office Excel 2002 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=72076e21-2aa3-48e8-883a-c3cb756fc72a
Microsoft Office 2003 Service Pack 3 (Microsoft Office Excel 2003 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=6c0771e5-fcd4-4365-b903-1a3bd95d9e66
2007 Microsoft Office System (Microsoft Office Excel 2007):
http://www.microsoft.com/downloads/details.aspx?FamilyId=68bb8d99-f28b-4efd-9314-3eee0bb00ccf
2007 Microsoft Office System Service Pack 1 (Microsoft Office Excel 2007 Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=68bb8d99-f28b-4efd-9314-3eee0bb00ccf
Microsoft Office Excel Viewer 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4b3989ef-02b8-4bd2-b2ab-c3716079936e
Microsoft Office Excel Viewer 2003 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4b3989ef-02b8-4bd2-b2ab-c3716079936e
Microsoft Office Excel Viewer:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9dbb35c1-aa7a-481b-a330-8ba916ddd443
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats:
http://www.microsoft.com/downloads/details.aspx?FamilyId=99cca4ed-f1f9-4cfd-a986-edbec82ced4f
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=99cca4ed-f1f9-4cfd-a986-edbec82ced4f
Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=ECA13AD8-62AE-41A8-B308-41E2D1773820
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-074.
Microsoft Search is prone to a remote code execution vulnerability if a user opens and saves a specially-crafted saved search file within Windows Explorer, or if a user clicks a specially-crafted search URL. This is because Windows Explorer does not correctly free memory when saving Windows Search files and does not correctly interpret parameters when parsing the search-ms protocol.
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=0DCC5373-0435-42D5-864D-298E5BB122D9
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=5B1B65F0-6848-47C6-BDD5-BE3C0621B323
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=2112C5C8-7C9F-4491-B127-B1093085E105
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=EB1D0FFE-1644-457B-9E82-768BD4C7F7AB
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=90AB7E6F-5AE7-4F55-8838-868FC98D8A16
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=470D506F-77AE-4A44-8598-DF645F484295
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=E1DEAB57-ADA2-4B12-9157-5615E7B0071D
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=E41F23E4-6A2F-4EBB-B425-D241A08DA316
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=48BED90D-C243-4969-8E54-326D9A7AF343
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=83DE2263-DE2A-4C13-96BA-ECFEBDAF0BB9
Refer to Microsoft Security Bulletin MS08-075 for further details.
The security update addresses the first vulnerability by modifying the way that Windows Media authentication replies are validated. The security update addresses the second vulnerability by ensuring that Windows Media clients treat servers using ISATAP addresses as external.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
January 2009 Security Updates for Runtimes Are Available (KB952069)
December 2008 Updates are Available (including for XPe SP3 and Standard) (KB954600)
Microsoft Windows 2000 Server Service Pack 4 (Windows Media Player 6.4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C33D558E-45F9-4E85-B48C-03BD0E8CB4BC
Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Media Player 6.4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=99241309-E644-4088-A8F3-38837FAB4037
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Media Player 6.4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=946D47C9-B208-4FAB-8EF6-774413D61BC8
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Media Player 6.4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=2315CE20-2F46-42C2-BB40-045F003409D7
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Windows Media Player 6.4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4C29BED9-1B88-4D2F-80A5-305C2BEDD89F
Microsoft Windows 2000 Service Pack 4 (Windows Media Format Runtime 7.1 and Windows Media Format Runtime 9.0):
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A459497-0AB8-41CB-87D0-B551631D8D8A
Windows XP Service Pack 2 (Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, and Windows Media Format Runtime 11):
http://www.microsoft.com/downloads/details.aspx?FamilyId=504F816C-F554-4B93-AC28-B085574D9BAC
Windows XP Service Pack 3 (Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, and Windows Media Format Runtime 11):
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD76FCF3-A2F9-4E36-BD1B-C1536749173C
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Media Format Runtime 9.5):
http://www.microsoft.com/downloads/details.aspx?FamilyId=644EF023-EE40-45B0-9C9D-C76D9FAB0005
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Media Format Runtime 9.5 x64 Edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=AE9E8B07-5354-42F3-A226-BA2193244524
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-076.
Microsoft Office SharePoint Server 2007 (32-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=f8f73997-6f4c-4b43-aa50-5c8276e83d3e
Microsoft Office SharePoint Server 2007 Service Pack 1 (32-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=f8f73997-6f4c-4b43-aa50-5c8276e83d3e
Microsoft Office SharePoint Server 2007 (64-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=a7fda284-273c-42ab-8188-433beaacca86
Microsoft Office SharePoint Server 2007 Service Pack 1 (64-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=a7fda284-273c-42ab-8188-433beaacca86
Microsoft Search Server 2008 (32-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=f8f73997-6f4c-4b43-aa50-5c8276e83d3e
Microsoft Search Server 2008 (64-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=a7fda284-273c-42ab-8188-433beaacca86
Refer to Microsoft Security Bulletin MS08-077 for further details.
These new vulnerability checks are included in Qualys vulnerability signature 1.22.76-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.